From: Richard Coleman
Organization: Critical Magic, Inc.
Date: Tue, 24 Feb 2004 23:43:37 -0500
To: Kris Kennaway
Cc: cvs-all@FreeBSD.org, doc-committers@FreeBSD.org, cvs-doc@FreeBSD.org, Christian Brueffer
Subject: Re: cvs commit: doc/en_US.ISO8859-1/books/porters-handbook book.sgml

Kris Kennaway wrote:
> On Mon, Feb 23, 2004 at 01:07:02PM -0800, Christian Brueffer wrote:
>
>>brueffer 2004/02/23 13:07:02 PST
>>
>> FreeBSD doc repository
>>
>> Modified files:
>> en_US.ISO8859-1/books/porters-handbook book.sgml
>> Log:
>> o Don't claim that all UIDs listed are below 999
>> o Add squid's UID (3128)
>
>
> The upper bound of 999 is so that system administrators can assign
> higher uids to their users without running into collisions with ports.
> IMO squid must be fixed to stay within the ports namespace - yes, it's
> too bad it can't have its magic number of 3128 as a uid, but this will
> cause problems for installed systems.
>
> Kris

More importantly, it has (possible) security implications. For
instance, the default settings for "suexec" with Apache are such that it
will not execute any CGI script as a uid below 1000, since it is assumed
those are reserved for "system" processes.

Most shops that need suexec can easily fix such things. But you get the
idea.

Richard Coleman
richardcoleman@mindspring.com
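
The uid collision discussed in this thread can be checked for on an installed system. The script below is an added example, not part of the original message or of FreeBSD: it scans passwd(5)-format lines for no-login accounts above the 999 ceiling and for uids shared by two names. The function names and sample accounts are constructed for illustration (only squid's 3128 comes from the thread), and treating a `nologin` shell as the mark of a service account is an assumption.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format input against the 999 ceiling
# that the thread gives for the ports uid namespace.
PORTS_UID_MAX=999    # upper bound quoted in the thread
NOBODY_UID=65534     # conventional "nobody" uid, exempted (assumption)

# Constructed sample, 7-field passwd(5) format. Only squid's 3128 is
# taken from the thread; every other account and uid is made up.
sample_passwd() {
cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
squid:*:3128:3128:squid pseudo user:/usr/local/squid:/usr/sbin/nologin
alice:*:1001:1001:Alice Example:/home/alice:/bin/sh
bob:*:3128:3128:Bob Example:/home/bob:/bin/sh
EOF
}

# audit_uids: reads passwd lines on stdin and prints one finding per line.
#   SERVICE_ABOVE_MAX name uid        no-login account outside the ports range
#   DUPLICATE_UID name uid (also x)   uid already held by account x
audit_uids() {
    awk -F: -v max="$PORTS_UID_MAX" -v nobody="$NOBODY_UID" '
        /^#/ || NF < 7 { next }          # skip comments and short lines
        {
            name = $1; uid = $3 + 0; shell = $7
            if (uid in seen)
                printf "DUPLICATE_UID %s %d (also %s)\n", name, uid, seen[uid]
            else
                seen[uid] = name
            # Assumption: a nologin/false shell marks a service account.
            if (uid > max && uid != nobody && shell ~ /(nologin|false)$/)
                printf "SERVICE_ABOVE_MAX %s %d\n", name, uid
        }'
}

# Run against the constructed sample; on a real host, feed /etc/passwd instead.
sample_passwd | audit_uids
```
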